The importance of IT security vigilance

Last September 18th, Germany’s Federal Office for Information Security warned that nation’s population not to use Internet Explorer because of an IE security flaw that “is already being used for targeted attacks” designed to lure users to an infected website which, when visited, allows hackers to take control of the user’s computer. Soon after, the Swedish government issued a similar warning.

Even worse, Microsoft was not immediately able to fix the problem. First came a temporary patch, said to be less than complete.

The takeaway: Do not EVER let down your guard when it comes to information security. Thus, I’m again posting one of my favorite charts, which shows where the security threats to small and mid-size businesses come from.

I like this chart because it highlights a key reality of today’s information security environment — that you face dangers coming from both outside and inside your organization.

And while some security threats involve shutting down IT functionality — for instance, because of denial-of-service attacks — a much more common and frequent threat comes from compromised, stolen, or lost data. This is confirmed by IT trade group CompTIA’s study on security in the workforce, which shows that a majority of those surveyed either suffered known data loss or ‘likely’ data loss. Specifically:

65% lost confidential corporate financial data

52% lost confidential employee records

27% lost confidential customer data (e.g., credit card numbers)

26% lost corporate intellectual property or trade secrets.

Meanwhile, another study — the 2010 Annual Study: U.S. Cost of a Data Breach, published last year — conducted for Symantec by the Ponemon Institute tells us that in 2010, the average data breach cost $7.2 million, up from $6.6 million in 2009.

Maintaining IT security is a constant and complex endeavor requiring a responsive strategy and unrelenting vigilance. And it has never been more important, which is why I’ll be posting about it again soon.